CVE-2013-6272

Name of the Vulnerable Software and Affected Versions Android versions 4.1.1 through 4.4.2

Description The issue allows attackers to bypass intended access restrictions in the NotificationBroadcastReceiver class, enabling them to make phone calls to arbitrary numbers, send mmi or ussd codes, or hang up ongoing calls via a crafted application.

Recommendations For Android versions 4.1.1 through 4.4.2, consider restricting access to the NotificationBroadcastReceiver class until a patch is available. As a temporary workaround, avoid using the com.android.phone process for sensitive operations.